Description
A flaw was found in udev in systemd. A local user with access to malicious hardware devices can exploit this vulnerability. By providing unsanitized kernel output, the flaw allows for local root execution, leading to privilege escalation.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | NetworkManager | Not affected | | |
| Red Hat Enterprise Linux 10 | rpm-ostree | Fix deferred | | |
| Red Hat Enterprise Linux 10 | systemd | Not affected | | |
| Red Hat Enterprise Linux 7 | systemd | Not affected | | |
| Red Hat Enterprise Linux 8 | NetworkManager | Not affected | | |
| Red Hat Enterprise Linux 8 | systemd | Not affected | | |
| Red Hat Enterprise Linux 9 | NetworkManager | Not affected | | |
| Red Hat Enterprise Linux 9 | systemd | Not affected | | |
| Red Hat Hardened Images | systemd | Not affected | | |
| Red Hat OpenShift Container Platform 4 | NetworkManager | Not affected | | |
Additional information
Status: Moderate
Defect: CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=2457324 systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output
EPSS
Percentile: 5%
0.0002
Low
6.4 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.4
ubuntu
2 days ago
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
CVSS3: 6.4
nvd
5 days ago
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
CVSS3: 6.4
debian
5 days ago
In udev in systemd before 260, local root execution can occur via mali ...
CVSS3: 6.4
github
5 days ago
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.